CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Beginner: Re: [FishMonger] how to avoid security holes for CGI code using checkbox ?: Edit Log



ningji
Novice

Apr 18, 2013, 6:55 PM


Views: 359
Re: [FishMonger] how to avoid security holes for CGI code using checkbox ?

sorry i'm at home now,
e.g. a very simple page, 1 checkbox, 1 submit button,

print checkbox(
-name => 'more_info',
-value => 'yes',
-selected => 1,
-label => 'Would you like more info?');

if i check the checkbox, then click submit.

from param() it'll know i checked this box.
So it'll exec a code in the background, e.g. turn on a xterm.


Now this web security tool can simulate this checkbox event, then send to web server.

when i run this tool, i can see many xterms in my server side. But no one is actually clicking the webpage.

So what's the best way to block this kind of fake checkbox message pls ?



In Reply To
What is the problem you're needing to solve?

Also, please post your script.



(This post was edited by ningji on Apr 18, 2013, 6:56 PM)


Edit Log:
Post edited by ningji (Novice) on Apr 18, 2013, 6:56 PM


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives